MesaLock Linux is a general purpose Linux distribution which aims to provide a
safe and secure user space environment. To eliminate high-severe
vulnerabilities caused by memory corruption, the whole user space applications
are rewritten in memory-safe programming languages like Rust and Go. This
extremely reduces attack surfaces of an operating system exposed in the wild,
leaving the remaining attack surfaces auditable and restricted. Therefore,
MesaLock Linux can substantially improve the security of the Linux ecosystem.
Additionally, thanks to the Linux kernel, MesaLock Linux supports a broad
hardware environment, making it deployable in many places. Two main usage
scenarios of MesaLock Linux are for containers and security-sensitive embedded
devices. With the growth of the ecosystem, MesaLock Linux would also be adopted
in the server environment in the future.

To get better functionality along with strong security guarantees, MesaLock
Linux follows the following rules-of-thumb for hybrid memory-safe architecture
designing proposed by the Rust SGX SDK
project.

Unsafe components should be appropriately isolated and modularized, and the
size should be small (or minimized).

Unsafe components should not weaken the safe, especially, public APIs and
data structures.

Unsafe components should be clearly identified and easily upgraded.

The MesaLock Linux project is released under the BSD license and source code is
on GitHub https://github.com/mesalock-linux.
There are three main parts of the MesaLock Linux project:

mesalock-distro: providing scripts to build the MesaLock Linux
distributions such as building packages, Live ISO, and rootfs. Live ISO can
be bootstrap in the virutal machine or real devices, while rootfs is for
docker container.

packages: this project includes all building scripts of packages. We
provide many essential packages written in Rust and Go, which are memory safe
programming languages. These packages includes shell, coreutils, findutils,
editor, etc.

We also provide documentations of building, using MesaLock Linux
and contributing new packages.

Becase MesaLock Linux provides a root filesystem for docker container, You can
quickly get started using this command:

$ docker run -p 8000:8000 --rm -it mesalocklinux/mesalock-linux

This will bring you to a shell, then you can start experience MesaLock Linux.
You can also try our demo program, which contains some micro web service
writtin in Rocket (a web framework written in Rust). The demo programs are in
/root/mesalock-demo directory. Because the 8000 port is forwarded, you can
execute /root/mesalock-demo/rocket-hello-world/hello_world and visit the demo
website on your host machine.

The MesaLock Linux project is released under BSD license, which is a permissive
free software license, imposing minimal restrictions on the use and
redistribution. We would like to make a secure and open operating system for
all people appreciate security. In the meantime, the growth of the MesaLock
Linux cannot be done without you guys regardless from the community, industry,
and academia. Therefore, you are very welcomed to contribute and support
MesaLock Linux. There are many ways to support MeaLock Linux:

If you are interested in the MesaLock Linux project, please find us on the
#mesalock-linux IRC channel on the freenode server at
irc://chat.freenode.net and the bridged room on Matrix. If you're not
familiar with IRC, we recommend chatting through Matrix via Riot
(https://riot.im/app/#/room/#mesalock-linux:matrix.org) or via the Kiwi web
IRC client (https://kiwiirc.com/client/irc.mozilla.org/#mesalock-linux).